[Samba] Update samba and Debian

Rowland Penny rpenny at samba.org
Sat Dec 9 18:32:14 UTC 2017 

On Sat, 09 Dec 2017 18:01:44 +0000
sandy.napoles at eccmg.cupet.cu wrote:

> 9 de diciembre de 2017 12:57, "Rowland Penny via samba"
> <samba at lists.samba.org> escribió:
> 
> > On Sat, 09 Dec 2017 17:06:21 +0000
> > Sandy via samba <samba at lists.samba.org> wrote:
> > 
> >> Hello list, I want to make a new domain with the following
> >> features, using debian 9 with samba 4.7.3, at the beginning
> >> everything went well, but I have a doubt when in the configuration
> >> it is requested what type of server to choose, I would like to use
> >> the option NONE , then install a bind and configure it myself, all
> >> that is fine, but I have a doubt, when I run the
> >> command ./samba_update --verbose, I get the following ....... I
> >> would like to know what I have wrong or what's wrong with that
> >> output, I'll only show a part, I'd like to know if that output is
> >> correct and the error it gives to what should be need cache add: A
> >> ccmg7.eccmg.cupet.cu x.x.x.x Looking for DNS entry A
> >> ccmg7.eccmg.cupet.cu 172.18.68.7 as ccmg7.eccmg.cupet.cu. need
> >> cache add: A eccmg.cupet.cu 172.18.68.7 Looking for DNS entry A
> >> eccmg.cupet.cu 172.18.68.7 as eccmg.cupet.cu. need cache add: SRV
> >> _ldap._tcp.eccmg.cupet.cu ccmg7.eccmg.cupet.cu 389 Looking for DNS
> >> entry SRV _ldap._tcp.eccmg.cupet.cu ccmg7.eccmg.cupet.cu 389 as
> >> _ldap._tcp.eccmg.cupet.cu. Checking 0 100 389
> >> ccmg7.eccmg.cupet.cu. against SRV _ldap._tcp.eccmg.cupet.cu
> >> ccmg7.eccmg.cupet.cu 389 need cache add: SRV
> >> _ldap._tcp.dc._msdcs.eccmg.cupet.cu ccmg7.eccmg.cupet.cu 389
> >> 
> >> 1 DNS updates and 0 DNS deletes needed
> >> Traceback (most recent call last):
> >> File "./samba_dnsupdate", line 863, in
> >> creds = get_credentials(lp)
> >> File "./samba_dnsupdate", line 204, in get_credentials
> >> raise e
> >> samba.NTSTATUSError: (-1073741811, 'An invalid parameter was passed
> >> to a service or function.')
> > 
> > I take it you mean you used '--dns-backend=NONE' with the provision
> > command or you ran the provision command interactively and enter
> > 'NONE' when prompted for the dns server.
> > 
> > Which ever you did, it was a BAD idea.
> > If you want to use Bind9 as the dns server instead of the internal
> > dns server, install bind9 before the provision and use
> > '--dns-backend=BIND9_DLZ' with the provision command or, if you run
> > the provision interactively, enter 'BIND9_DLZ' when prompted for
> > the dns server.
> > Do not under any circumstances use 'BIND9_FLATFILE', it doesn't
> > work, just as using 'NONE' doesn't work.
> > 
> > Rowland
> > 
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> 
> 
> 1- samba-tool domain provision --use-rfc2307 --interactive
> 2- Realm [SAMDOM.EXAMPLE.COM]: SAMDOM.EXAMPLE.COM
> 3- Domain [SAMDOM]: SAMDOM
> 4- Server Role (dc, member, standalone) [dc]: dc
> 5- DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
> [SAMBA_INTERNAL]: NONE

Do not use 'NONE', if you do, you will not get the dns info in AD.

install Bind9 before you provision the domain, then when prompted:

DNS backend (SAMBA_INTERNAL, BIND9_FLATFILE, BIND9_DLZ, NONE)
[SAMBA_INTERNAL]:

Enter 'BIND9_DLZ'

You can, if you wish, configure Bind9 before the provision, but do not
start it or add any AD dns zones to the named conf files.

Rowland

More information about the samba mailing list